Computer Science Module: Network Security

Questions and Answers

What is the main purpose of network security?

• To eliminate all internet access
• To reduce the cost of network maintenance
• To protect vital information while allowing access to authorized users (correct)
• To make networks faster

Which of the following describes a firewall?

• A system that allows unrestricted access to network resources
• Software that only protects wireless networks
• An access control mechanism limiting communication based on rules (correct)
• A device that completely blocks all incoming and outgoing traffic

What is one potential drawback of using a firewall?

• Creates a single point of access that can become a target (correct)
• Eliminates the need for all other security measures
• Automatically updates security protocols without intervention
• Increases network speed significantly

What form of authentication can be used to improve network security?

Biometric systems (B)

What do packet filtering firewalls primarily do?

They filter packets based on predefined rules (A)

Which of the following is NOT a common security attack mentioned?

Database Programming (C)

Which statement about firewalls is incorrect?

Firewalls are always ineffective against all types of attacks. (C)

How is the reliability of resource availability typically guaranteed in a secure network?

By maintaining an uptime of 99.995% (C)

What is the purpose of well-known port numbers?

To identify specific service types on a host (A)

Which of the following protocols uses TCP port 22?

Secure Shell (SSH) (A)

What type of attack is characterized by overloading a server to make a network service unusable?

Denial of Service (C)

Which of the following best describes a dictionary attack?

Brute forcing passwords using a predetermined list (C)

What is a key characteristic of packet sniffing?

It involves listening to plain text data on a network. (C)

Which protocol is commonly used to secure HTTP communications?

Transport Layer Security (TLS) (A)

What might be a common tactic employed in social engineering attacks?

Manipulating individuals to reveal confidential information (C)

Which service commonly uses TCP port 80?

Hypertext Transfer Protocol (HTTP) (A)

What is the primary function of well-known port numbers in a network?

To identify specific service types on a host (A)

Which of the following ports is associated with the Hypertext Transfer Protocol (HTTP)?

80 (D)

What is a characteristic of a denial of service attack?

It attempts to make a network service unusable. (C)

How does packet sniffing primarily compromise network security?

By listening to data transmitted in plain text. (C)

Which of the following protocols is commonly used to secure IP communications?

IPsec (B)

What role do Intrusion Detection Systems (IDS) serve in network security?

They monitor for suspicious activity. (A)

Which port is typically used for Secure Shell (SSH) connections?

22 (D)

What does a dictionary attack exploit to gain unauthorized access?

Patterns of common usernames and passwords (A)

What is a potential threat posed by social engineering?

Manipulating individuals into revealing information (B)

Which type of attack relies on creating false IP packets that rely on destination address alone?

TCP attacks (C)

What is a primary concern of network security?

To protect vital information and ensure accessibility (B)

What type of firewall filters packets based on predefined rules?

Packet filtering firewalls (D)

Which of the following is a primary function of firewalls?

To limit access to end hosts (D)

Why is it important to keep firewalls up to date?

To address newly discovered vulnerabilities (A)

What characterizes Denial of Service (DoS) attacks?

They aim to make a network service unavailable (D)

What is an example of access control in network security?

Utilizing biometric authentication methods (C)

Which system might incorporate a built-in firewall function?

Unix systems (C)

What type of information should be protected by network security measures?

Trade secrets and personal data (B)

What is one potential risk of having only one point of access into a network as provided by a firewall?

Increased vulnerability to attacks at that point (A)

Which of the following best describes packet sniffing?

Interception of data packets traveling over a network (D)

What is a key benefit of using firewalls in a network?

They limit access to end hosts based on rules. (B)

Which of the following is a drawback of firewalls in network security?

They can create single points of failure in a network. (D)

What differentiates packet filtering firewalls from other types?

They filter packets based on specific rules set by administrators. (A)

Which of these is primarily targeted in Social Engineering attacks?

End-user behaviors and trust. (B)

What is a common characteristic of Denial of Service (DoS) attacks?

They overwhelm a service, making it unavailable to legitimate users. (C)

What is the role of intrusion detection systems (IDS) in network security?

They monitor network traffic for suspicious activities. (B)

How do firewalls maintain their effectiveness over time?

Administrators regularly update the firewall configurations. (B)

Which communication protocols typically rely on port numbers for their operation?

Both TCP and UDP protocols. (A)

What type of attack involves monitoring network traffic to capture unencrypted data, such as passwords?

Packet Sniffing (D)

Which of the following port numbers is associated with the Post Office Protocol (POP3)?

110 (C)

What is the main purpose of a Denial of Service (DoS) attack?

To make network services unavailable (D)

Which protocol is commonly associated with TCP port 443 for secure web communications?

HTTPS (B)

Which type of social engineering involves tricking individuals into revealing sensitive information?

Phishing (B)

What can be a consequence of a successful dictionary attack?

Unauthorized access to accounts (C)

What is one method for securing data transmitted over the Internet to prevent packet sniffing?

Implementing SSL/TLS (C)

What type of monitoring system is designed to detect suspicious activity on a network?

Intrusion Detection System (IDS) (C)

Flashcards

Port Numbers

Unique numbers that identify specific services on a computer.

TCP Ports

Specific port numbers used for Transmission Control Protocol (TCP) services.

Intrusion Detection

Monitoring for suspicious activity on a network using known patterns.

Dictionary Attack

Trying common passwords to guess a user's password.

Denial-of-Service (DoS) attack

Overloading a network service to make it unusable.

Packet Sniffing

Intercepting and examining network traffic.

Social Engineering

Manipulating people to gain access to information or systems.

HTTPS

Secure version of HTTP, using encryption.

Network Security

Measures to protect network resources and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

Firewall

A security system that controls incoming and outgoing network traffic based on predetermined rules, acting as a gatekeeper.

Packet Filtering Firewall

A type of firewall that inspects network packets and filters them based on predefined rules.

Denial-of-Service Attack

An attack that floods a network or server with traffic, making it unavailable to legitimate users.

TCP Attack (Spoofing)

An attack that manipulates TCP packets to gain unauthorized access or disrupt network services.

Network Ports

Endpoints in a computer operating system for communication.

What are port numbers?

Unique numbers assigned to specific services on a computer, like a web server or email service, allowing communication with them.

What's the purpose of well-known ports?

They are reserved by convention to identify common services on a network, making communication easier and standardized.

How is a port associated with an IP address?

Every port belongs to a specific IP address, which identifies a particular computer on a network.

What is a TCP port?

A port used for Transmission Control Protocol (TCP), which ensures reliable data delivery.

What is a UDP port?

A port used for User Datagram Protocol (UDP), which offers fast but less reliable data transmission.

What is a dictionary attack?

A cyberattack that tries to guess a password by trying common words and phrases from a list.

How does a Denial of Service (DoS) attack work?

It overloads a network or server with excessive traffic, preventing legitimate users from accessing services.

What is packet sniffing?

Intercepting and reading network traffic, potentially revealing sensitive information.

What is social engineering?

Manipulating people to gain access to sensitive information or systems by exploiting trust and deception.

What is SSL/HTTPS?

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols that encrypt data transfer for secure communication over the internet.

Network Security: Why?

Protecting vital information while still allowing needed access. Examples include safeguarding trade secrets, medical records, and personal data, as well as ensuring reliable access to resources.

Firewall: What is it?

A security system that acts like a gatekeeper, controlling incoming and outgoing network traffic based on pre-defined rules.

Firewall: How does it work?

Firewalls filter network packets, passing only those that meet specific rules, ensuring only authorized traffic can enter and exit a network.

Firewall: What does it protect against?

Firewalls protect against unauthorized access, malware, and other security threats, helping to maintain the integrity and availability of a network.

TCP Spoofing: What is it?

An attack where attackers manipulate TCP packets to gain unauthorized access to a system or disrupt normal network operations.

Packet Sniffing: What is it?

The act of intercepting and examining network traffic as it passes through a network, like listening in on a conversation.

Social Engineering: What is it?

Manipulating people to gain access to information or systems. Like tricking someone into giving you their password.

Network Ports: What are they?

Unique numbers that identify specific services on a computer. They act as communication endpoints.

Transmission Control Protocol (TCP) & UDP Ports

TCP and UDP are protocols for communication on the internet. TCP is reliable and ordered, while UDP is faster but less reliable. Their use determines the port number.

HTTPS: What is it?

Secure version of HTTP that uses encryption to protect data transmitted between a website and a user.

Intrusion Detection: What is it?

Monitoring for potentially malicious activity on a network, identifying suspicious patterns and anomalies.

Dictionary Attack: What is it?

A password attack that involves using a list of common or pre-compiled passwords to guess a user's password.

Authentication: What is it?

Verifying the identity of a user or device before granting access to network resources.

Access Control: What is it?

Restricting access to network resources based on user roles and permissions.

What is network security?

Measures taken to protect a network and its resources from unauthorized access, use, disclosure, disruption, modification, or destruction.

Why do we need network security?

To safeguard sensitive information like trade secrets, medical records, and personal data while still allowing access to authorized users.

TCP Spoofing

A type of attack where attackers manipulate TCP packets to gain unauthorized access to a system or disrupt normal network operations.

What do port numbers do?

Port numbers identify specific services running on a computer, like web servers (HTTP) or email (SMTP).

What is an IP address?

An IP address is a unique numerical label assigned to each device on a network, like a postal address for a computer.

What is TCP?

TCP (Transmission Control Protocol) is a reliable communication protocol that ensures data arrives in the correct order and without errors.

What is UDP?

UDP (User Datagram Protocol) is a fast but less reliable communication protocol, often used for applications that don't require error-free delivery.

What is a DoS Attack?

A DoS (Denial of Service) Attack floods a server or network with traffic, making it unavailable to legitimate users.

Study Notes

International & Access Foundation Programmes

• Computer Science Module, Semester 2, Part 5: Networks - Network Security

Overview

• What is network security?
• Why is network security needed?
• Who is vulnerable?
• Common security attacks and countermeasures
  • Firewalls & Intrusion Detection Systems
  • Denial of Service Attacks
  • TCP Attacks (Spoofing)
  • Packet Sniffing
  • Social Engineering

Why do we need security?

• Protect vital information while allowing access to those who need it
  • Trade secrets, medical records, personal data etc.
• Provide authentication and access control for resources
  • Login, Passwords, Biometrics
• Guarantee availability of resources
  • Uptime 99.995% reliability

Firewalls

• Basic problem: many network applications and protocols have security problems that are fixed over time

• Difficult for users to keep up with changes and keep host secure

• Solution: Administrators limit access to end hosts by using a firewall

  • Firewall is kept up-to-date by administrators

• Firewall is like a castle with a drawbridge: only one point of access into the network

  • This can have positives and negatives
  • Can be hardware or software
  • Some routers come with firewall functionality
    • Unix systems, Windows XP/7/8 and Mac OS X have built-in software firewalls

• Diagram shows the firewall's position between the Internet and Intranet, with a DMZ (Demilitarized Zone) in between for servers.

  • Data flows from Internet, through a Firewall, then to the DMZ, and to the Intranet.

• Used to filter packets based on rules

• These are called packet filtering firewalls

• There are other types too, but they will not be discussed.

• Windows 7 default installation shows specific open ports.

Ports

• In the internet protocol suite, a port is an endpoint of communication in an operating system
• 1024 well-known port numbers are reserved to identify specific service types on a host
• A port is always associated with an IP address of a host
• Examples include: http://www.example.com:8080, http://72.56.123.233:80/
• List of registered ports

Typical TCP Ports

• 21: File Transfer Protocol (FTP)
• 22: Secure Shell (SSH)
• 23: Telnet remote login service
• 25: Simple Mail Transfer Protocol (SMTP)
• 53: Domain Name System (DNS) service
• 80: Hypertext Transfer Protocol (HTTP) – used in the World Wide Web
• 110: Post Office Protocol (POP3)
• 119: Network News Transfer Protocol (NNTP)
• 123: Network Time Protocol (NTP)
• 143: Internet Message Access Protocol (IMAP)
• 161: Simple Network Management Protocol (SNMP)
• 194: Internet Relay Chat (IRC)
• 443: HTTP Secure (HTTPS)

Types of Attack

• Intrusion Detection
  • Used to monitor for "suspicious activity" on a network.
  • Based on well-known patterns of behavior.
• Dictionary Attack - Brute Force
  • Dictionary attack on passwords.
• Denial of Service
  • Makes a network service unusable by overloading the server or network.
• TCP Attacks
  • Create IP packets and routers process them based on destination address alone
  • End hosts may lie about other fields which do not affect delivery
  • Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source.
• Packet Sniffing
  • Affects any broadcast-based medium (cable, wifi, etc.)
  • A host listens to the data (plain text data – passwords).
  • Solution: encrypt the data using Secure Sockets Layer (SSL) for https addresses
  • Web browsers know how to trust HTTPS websites based on certificate authorities.
  • IPSec - Internet Protocol Security (a protocol suite for securing Internet communications by authenticating and encrypting IP packets).
• Social Engineering
  • People can be just as dangerous as unprotected computer systems.
  • People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information.